03-09-2018 09:11 PM - edited 02-21-2020 10:48 AM
Guys,
We suddenly have an issue with our authentication. In the live logs we always get "24403 User authentication against Active Directory failed", BUT when checking in External Identity Source we are able to do Test User and it returns SUCCESS.
Has anyone encountered the same issue? I have attached some screenshots.
03-09-2018 10:29 PM
1) Check if the account is disabled or locked, as this can cause the error you're getting.
2) Check your Active Directory server's logs and see what it has to say about this particular auth attempt (if possible, enable debugging on the AD).
M.
03-10-2018 04:38 AM
Hi rhuel.phils
It is not clear from the screenshot why authentication against Active Directory has failed.
Normally I do get more informative errors about AD authentication failures, like these:
Authentication failure against AD due to account locked out
=============================================
5400 Authentication failed
+
24415 User authentication against Active Directory failed since user's account is locked out
=========================================================================
Authentication failure against AD due to wrong password
==========================================================
5400 Authentication failed
+
24408 User authentication against Active Directory failed since user has entered the wrong password
=========================================================================
Authentication failure against AD due to account being disabled
=============================================
5400 Authentication failed
+
24409 User authentication against Active Directory failed since the user's account is disabled
========================================================================
Check the following:
- The AD domain controller and your ISE PSN node are NTP synced (no more than 5 min difference) --> although your test would have failed also.
Can you share the complete first screenshot, especially the right-hand side RADIUS steps, as they include more information about the AD connection and what might have happened?
Also, did this happen only once or is it happening frequently? --> You may run the Diagnostic Tool in the AD connector to see any errors or warnings.
05-21-2019 10:32 PM
05-22-2019 12:59 PM
If the account is configured on the ACS for login, then you will get an error code as below.
Message Text | Failed-Attempt: Authentication failed |
Failure Reason | 22040 Wrong password or invalid shared secret |